Seeking SRA Help? Here are the Most Trustworthy HIPAA Security Risk Assessment Tools

If you are responsible for managing HIPAA compliance for your healthcare organization, several items may come up in your annual HIPAA risk assessment. As part of your Promoting Interoperability and MACRA/MIPS requirements, you will be conducting this Security Risk Analysis (SRA) to ensure your hospital or clinic is compliant. Your electronic health record system typically supports auditing and security functions, but does not address the comprehensive SRA requirement. The Office of Civil Rights (OCR) has increased the volume of penalties, driving interest in ensuring that this requirement is fully met. An increase in cybersecurity attacks has also led to greater attention in this area.

Many hospitals and clinics have implemented security risk assessment tools to help manage HIPAA compliance activities. These platforms can provide explanations, definitions, and recommendations as you walk through the assessment. Below are reviews of leading tools and service providers that offer SRA assistance to healthcare organizations.

HHS Security Risk Assessment Toolkit

Helpfulness: 2/10

Value: 5/10

The tool from the federal government has one clear benefit: it is free. Unfortunately, it is targeted at very small practices while not providing much of the clarity those practices need. The tool is single-user only and installs locally on a Windows machine. While it facilitates completing the task, the report is generated without guidance on the follow-up risk management plan that is also required by the HIPAA Security Rule and the MIPS measure.

Medcurity Security Risk Assessment Tool and Services

Helpfulness: 9/10

Value: 8/10

Medcurity’s SRA platform stood out as the strongest support for HIPAA security risk assessment. This platform provides citations, explanations, definitions, and recommendations as you walk through the assessment. Users start the assessment, assign portions of it to IT vendors or staff members, and work on completing it over time. Medcurity has a team of experts that can provide onsite and remote support for the assessment process, including a complete third-party perspective on the SRA. Once the assessment is complete, you can also track action items all year through the platform, which serves as an automated risk management plan. The executive dashboard and analytics were extremely illuminating functions. We found that Medcurity customers were strong advocates for this platform, including customers that had successfully navigated OCR audits with Medcurity’s support.

HIPAA One Assessment

Helpfulness: 5/10

Value: 4/10

While the pricing is similar to the Medcurity subscription pricing, HIPAA One’s platform appeared to be several generations behind and less intuitive in our walkthrough. Customers we queried reported that the support team had been unresponsive when needed. Additionally, this platform did not have a strong risk management plan component. Onsite support was not an option, and remote support during the year was an added cost. Without a full year of strong support, we found the value to be considerably lower for HIPAA One than for other competitors.

(Medcurity software overview)